npm - @hardkas/accounts - Versions diffs - 0.2.2-alpha → 0.3.0-alpha - Mend

@hardkas/accounts 0.2.2-alpha → 0.3.0-alpha

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -112,8 +112,6 @@ declare function describeAccount(account: HardkasAccount): Record<string, unknow
 declare function getRequiredEnv(name: string): string;
-declare function redactSecret(value: string): string;
 /**
  * Simulated signer for simnet development.
  * Produces deterministic signatures without real private keys.
@@ -189,7 +187,10 @@ interface RealDevAccount {
     readonly name: string;
     readonly address: string;
     readonly publicKey?: string;
+    /** @deprecated Use keystoreRef for encrypted storage. Plaintext keys in this field are considered legacy/unsafe. */
     readonly privateKey?: string;
+    /** Reference to the encrypted keystore file in .hardkas/keystore/ */
+    readonly keystoreRef?: string;
     readonly createdAt: string;
 }
 declare function getDefaultRealAccountsPath(cwd?: string): string;
@@ -337,4 +338,4 @@ declare class KeystoreManager {
     static saveEncryptedKeystore(filePath: string, keystore: EncryptedKeystoreV2): Promise<void>;
 }
-export { type EncryptedKeystoreV2, type GeneratedKaspaDevAccount, type HardkasAccount, type HardkasAccountKind, type HardkasBaseAccount, type HardkasEvmPrivateKeyAccount, type HardkasExternalWalletAccount, type HardkasKaspaPrivateKeyAccount, type HardkasSigner, type HardkasSignerKind, type HardkasSimulatedAccount, type HardkasTxPlanSigner, type KaspaKeyGenerator, KaspaSdkKeyGenerator, type KaspaSdkKeyGeneratorOptions, KaspaSdkRealTxSigner, type KaspaSdkRealTxSignerOptions, type KaspaSigningBackendStatus, KaspaWasmPrivateKeySigner, type KeystoreCipherParams, type KeystoreKdfParams, KeystoreManager, type KeystorePayload, type KeystoreUnlockResult, type RealAccountStore, type RealDevAccount, type RealTxSigner, type RealTxSigningInput, type RealTxSigningResult, type ResolveAccountOptions, type SignTxPlanInput, type SignTxPlanResult, SimulatedSigner, SimulatedTxPlanSigner, UnsupportedKaspaKeyGenerator, UnsupportedRealKaspaSigner, UnsupportedRealTxSigner, assertSigningNetworkAllowed, createEmptyRealAccountStore, describeAccount, getDefaultRealAccountsPath, getKaspaSigningBackendStatus, getRealDevAccount, getRequiredEnv, importRealDevAccount, listHardkasAccounts, listRealDevAccounts, loadKaspaWasm, loadOrCreateRealAccountStore, loadRealAccountStore, loadRealAccountStoreSync, redactSecret, removeRealDevAccount, resolveHardkasAccount, resolveHardkasAccountAddress, resolveRealAccountOrAddress, saveRealAccountStore, signTxPlanArtifact, validateAccountName, validateAddressPrefix };
+export { type EncryptedKeystoreV2, type GeneratedKaspaDevAccount, type HardkasAccount, type HardkasAccountKind, type HardkasBaseAccount, type HardkasEvmPrivateKeyAccount, type HardkasExternalWalletAccount, type HardkasKaspaPrivateKeyAccount, type HardkasSigner, type HardkasSignerKind, type HardkasSimulatedAccount, type HardkasTxPlanSigner, type KaspaKeyGenerator, KaspaSdkKeyGenerator, type KaspaSdkKeyGeneratorOptions, KaspaSdkRealTxSigner, type KaspaSdkRealTxSignerOptions, type KaspaSigningBackendStatus, KaspaWasmPrivateKeySigner, type KeystoreCipherParams, type KeystoreKdfParams, KeystoreManager, type KeystorePayload, type KeystoreUnlockResult, type RealAccountStore, type RealDevAccount, type RealTxSigner, type RealTxSigningInput, type RealTxSigningResult, type ResolveAccountOptions, type SignTxPlanInput, type SignTxPlanResult, SimulatedSigner, SimulatedTxPlanSigner, UnsupportedKaspaKeyGenerator, UnsupportedRealKaspaSigner, UnsupportedRealTxSigner, assertSigningNetworkAllowed, createEmptyRealAccountStore, describeAccount, getDefaultRealAccountsPath, getKaspaSigningBackendStatus, getRealDevAccount, getRequiredEnv, importRealDevAccount, listHardkasAccounts, listRealDevAccounts, loadKaspaWasm, loadOrCreateRealAccountStore, loadRealAccountStore, loadRealAccountStoreSync, removeRealDevAccount, resolveHardkasAccount, resolveHardkasAccountAddress, resolveRealAccountOrAddress, saveRealAccountStore, signTxPlanArtifact, validateAccountName, validateAddressPrefix };

package/dist/index.js CHANGED Viewed

@@ -21,6 +21,7 @@ import { createDeterministicAccounts } from "@hardkas/localnet";
 // src/real-accounts.ts
 import fs from "fs";
 import path from "path";
+import { writeFileAtomicSync } from "@hardkas/core";
 import { HARDKAS_VERSION, ARTIFACT_SCHEMAS, ARTIFACT_VERSION } from "@hardkas/artifacts";
 function getDefaultRealAccountsPath(cwd = process.cwd()) {
   return path.join(cwd, ".hardkas", "accounts.real.json");
@@ -34,7 +35,7 @@ function createEmptyRealAccountStore() {
     networkId: "simnet",
     mode: "real",
     connectionMode: "node",
-    warning: "Development keys only. Do not use on mainnet. Private keys are stored in plaintext.",
+    warning: "HardKAS: Development account store. Encrypted storage is default. Unsafe plaintext storage is legacy.",
     accounts: []
   };
 }
@@ -45,7 +46,17 @@ function loadRealAccountStoreSync(options) {
   }
   try {
     const data = fs.readFileSync(filePath, "utf-8");
-    return JSON.parse(data);
+    const store = JSON.parse(data);
+    const plaintextAccounts = store.accounts.filter((a) => a.privateKey);
+    if (plaintextAccounts.length > 0) {
+      const names = plaintextAccounts.map((a) => a.name).join(", ");
+      console.warn(`
+  \u26A0\uFE0F  [SECURITY WARNING] Plaintext private keys detected in legacy account store for: ${names}`);
+      console.warn(`     Location: ${filePath}`);
+      console.warn(`     Recommendation: Re-import these accounts using encrypted keystores.
+`);
+    }
+    return store;
   } catch (e) {
     throw new Error(`Failed to load real account store at ${filePath}: ${e instanceof Error ? e.message : String(e)}`);
   }
@@ -62,12 +73,11 @@ async function loadOrCreateRealAccountStore(options) {
 }
 async function saveRealAccountStore(store, options) {
   const filePath = options?.path || getDefaultRealAccountsPath(options?.cwd);
-  const dir = path.dirname(filePath);
-  if (!fs.existsSync(dir)) {
-    fs.mkdirSync(dir, { recursive: true });
-  }
   try {
-    fs.writeFileSync(filePath, JSON.stringify(store, null, 2), "utf-8");
+    writeFileAtomicSync(filePath, JSON.stringify(store, null, 2), {
+      encoding: "utf-8",
+      mode: 384
+    });
   } catch (e) {
     throw new Error(`Failed to save real account store at ${filePath}: ${e instanceof Error ? e.message : String(e)}`);
   }
@@ -262,15 +272,6 @@ function getRequiredEnv(name) {
   return value;
 }
-// src/redact.ts
-function redactSecret(value) {
-  if (!value) return "";
-  if (value.length <= 10) {
-    return "***";
-  }
-  return `${value.slice(0, 6)}...${value.slice(-4)}`;
-}
 // src/signer.ts
 import {
   createSimulatedSignedTxArtifact,
@@ -454,7 +455,6 @@ async function signTxPlanArtifact(input) {
       version: "1.0.0-alpha",
       status: "signed",
       createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-      signedId: `signed_${planArtifact.planId}_${Date.now().toString(36)}`,
       txId: result.txId || "",
       // Ensure txId is present
       sourcePlanId: planArtifact.planId,
@@ -468,7 +468,9 @@ async function signTxPlanArtifact(input) {
         payload: result.signedTransaction?.payload || ""
       }
     };
-    artifact.contentHash = calculateContentHash2(artifact);
+    const contentHash = calculateContentHash2(artifact);
+    artifact.signedId = `signed-${contentHash.slice(0, 16)}`;
+    artifact.contentHash = contentHash;
     return artifact;
   }
   if (account.kind === "external-wallet") {
@@ -617,6 +619,7 @@ import fs3 from "fs";
 import path3 from "path";
 import crypto from "crypto";
 import { argon2id } from "hash-wasm";
+import { writeFileAtomic } from "@hardkas/core";
 var KeystoreManager = class {
   /**
    * Keystore container format version. Separate from ARTIFACT_VERSION.
@@ -759,7 +762,10 @@ var KeystoreManager = class {
       if (!fs3.existsSync(dir)) {
         await fs3.promises.mkdir(dir, { recursive: true });
       }
-      await fs3.promises.writeFile(filePath, JSON.stringify(keystore, null, 2), "utf-8");
+      await writeFileAtomic(filePath, JSON.stringify(keystore, null, 2), {
+        encoding: "utf-8",
+        mode: 384
+      });
     } catch (e) {
       throw new Error(`Failed to save keystore at ${filePath}: ${e instanceof Error ? e.message : String(e)}`);
     }
@@ -789,7 +795,6 @@ export {
   loadOrCreateRealAccountStore,
   loadRealAccountStore,
   loadRealAccountStoreSync,
-  redactSecret,
   removeRealDevAccount,
   resolveHardkasAccount,
   resolveHardkasAccountAddress,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hardkas/accounts",
-  "version": "0.2.2-alpha",
+  "version": "0.3.0-alpha",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -17,10 +17,10 @@
   ],
   "dependencies": {
     "hash-wasm": "^4.12.0",
-    "@hardkas/artifacts": "0.2.2-alpha",
-    "@hardkas/core": "0.2.2-alpha",
-    "@hardkas/config": "0.2.2-alpha",
-    "@hardkas/localnet": "0.2.2-alpha"
+    "@hardkas/artifacts": "0.3.0-alpha",
+    "@hardkas/config": "0.3.0-alpha",
+    "@hardkas/localnet": "0.3.0-alpha",
+    "@hardkas/core": "0.3.0-alpha"
   },
   "devDependencies": {
     "tsup": "^8.3.5",